Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

ACS 5.x: File / Bulk Operations on AAA Clients

 

Introduction

This document shows how to  add, update, delete and export different objects in bulk in Access  Control System version 5.x. Objects, such as, Network Device Groups, AAA  Clients, Users, Hosts etc.

 

Overview

In  ACS 4.x we had a feature of RDBMS synchronization to add, update and  delete ACS objects like users, AAA clients etc. in bulk. This feature is  very useful in cases where we are migrating to ACS and adding a new  ACS. In ACS 5.x, you can use the file operation function to perform bulk  operations (add, update, and delete) for the following on your  database:

  • Internal users
  • Internal hosts
  • Network devices (AAA Clients)

 

The  .csv templates for users, internal hosts, and network devices are  specific to their type; for example, you cannot use a downloaded   template accessed from the Users page to add internal hosts or network   devices. Within the .csv file, you must adhere to these requirements:

  • Do not alter the contents of the first record (the first line, or row, of the .csv file).
  • Use only one line for each record.
  • Do not imbed new-line characters in any fields.
  • For non-English languages, encode the .csv file in utf-8 encoding, or save it with a font that supports Unicode.

 

Configuration

Please follow these steps to perform file operations in ACS 5.x.

 

Tip: To perform a bulk add, edit, or delete operation on any of the ACS objects, you can use the export file of that object, retain the header row, and create the .csv import file.

File Operations on AAA Clients (Network Devices)

AAA Client Bulk Add

1. In order to add AAA clients in bulk go to ACS GUI > Network Resources > Network Devices and AAA Clients > File Operations.

 

fo0005.jpg

 

2. Select Add and then click on Next.

 

fo0006.jpg

 

3. Click on Download Add Template.

 

fo0007.jpg

 

4. Once the template is downloaded and saved on your hard disk, open it using a notepad or excel. Closely examining the columns here are the main ones:

 

  • name:String(64) [Required] > Enter the name of the AAA client.
  • description:String(1024) [Optional] > Enter the description of the AAA client.
  • subnets [Required] > Enter the ip address of the AAA client. You can specify full IP address with /32 or a subnet using /8 or /16 or /24, or IP address with wildcard "*" or, with IP address range.
  • supportRADIUS:Boolean(true,false) [Required] > Enter True if it a RADIUS Client, else False.
  • radiusSecret:String(32) [Optional] > Enter the shared secret that you want to use.
  • supportTACACS:Boolean(true,false) [Required] > Enter True if it a TACACS+ Client, else False. Note: An AAA Client can support both RADIUS and TACACS+ at the same time.
  • tacacsSecret:String(32) [Optional] > Enter the shared secret that you want to use.  

 

I have created a sample file with 5 rows:

 

fo0011.jpg

 

5. Go back to the ACS GUI and click Next.

 

fo0009.jpg

 

6. Click on Browse to select the template file you just created, and then click on Finish. Note: You must have pop-up blocker disabled on your browser, before you click finish.

 

fo0010.jpg

 

7. Now verify that ACS was able to import all the rows that were present in the csv file, and click OK.

 

fo0012.jpg

 

8. In order to ensure that ACS reflects the changes, go back to the ACS GUI and refresh the page.

 

fo0013.jpg

 

AAA Client Bulk Update

     
description:String(1024)

1. In order to udpate AAA clients in bulk go to ACS GUI > Network Resources > Network Devices and AAA Clients > File Operations.

 

fo0001.jpg

 

2. Select Update and then click on Next.

 

fo0002.jpg

 

3. Click on Download Update Template.

 

fo0003.jpg

 

4. Once the template is downloaded and saved on your hard disk, open it  using a notepad or excel. Closely examining the columns here are the main ones:

 

Note: All the columns mentioned as Required have to be filled. In case you do not wish the change the column value, provide the same value.

 

  • name:String(64) [Required] > Enter the name of the AAA client that you want to edit.
  • Updated name:String(64) [Required] > Enter the new name of the AAA client. In case you do not want to change the name, enter the same name.
  • description:String(1024) [Optional] > Enter the description of the AAA client.
  • subnets [Required]  > Enter the ip address of the AAA client. You can specify full IP  address with /32 or a subnet using /8 or /16 or /24, or IP address with  wildcard "*" or, with IP address range.
  • supportRADIUS:Boolean(true,false) [Required] > Enter True if it a RADIUS Client, else False.
  • radiusSecret:String(32) [Optional] > Enter the shared secret that you want to use.
  • supportTACACS:Boolean(true,false) [Required] > Enter True if it a TACACS+ Client, else False. Note: An AAA Client can support both RADIUS and TACACS+ at the same time.
  • tacacsSecret:String(32) [Optional] > Enter the shared secret that you want to use.

 

I have created a sample file with 1 row to be updated:

 

fo0004.jpg

 

5. Go back to the ACS GUI and click Next.

 

fo0008.jpg

 

6. Click on Browse to select the template file you just created, and then click on Finish. Note: You must have pop-up blocker disabled on your browser, before you click finish.

 

fo0005.jpg

 

7. Now verify that ACS was able to import all the rows that were present in the csv file, and click OK.

 

fo0006.jpg

 

8. In order to ensure that ACS reflects the changes, go back to the ACS GUI and refresh the page.

 

fo0007.jpg

 

AAA Client Bulk Delete

1. In order to udpate AAA clients in bulk go to ACS GUI > Network Resources > Network Devices and AAA Clients > File Operations.

 

fo0001.jpg

 

2. Select Delete and then click on Next.

 

fo0009.jpg

 

3. Click on Download Delete Template.

 

fo0010.jpg

 

4. Once the template is downloaded and saved on your hard disk, open it  using a notepad or excel. Enter the name of the AAA clients that you want to delete one per row.

 

fo0011.jpg

 

5. Now go back to the ACS GUI > File Operations window and click Next.

 

fo0012.jpg

 

6.  Click on Browse to select the template file you just created, and then click on Finish. Note: You must have pop-up blocker disabled on your browser, before you click finish.

 

fo0013.jpg

 

7.  Now verify that ACS was able to delete all the rows that were present in the csv file, and click OK.

 

fo0014.jpg

 

8. In order to ensure that ACS reflects the changes, go back to the ACS GUI and refresh the page.

 

fo0015.jpg

 

AAA Client Export

1.  In order to export AAA clients go to ACS GUI > Network Resources > Network Devices and AAA Clients > Export.

 

fo0001.jpg

 

2. Click on Start Export, optionally you can provide a password to encrypt the file using GPG. Note: You must have pop-up blocker disabled on your browser, before you click Start Export.

 

fo0002.jpg

 

3. Click on Save File to save the file on the harddisk.

 

fo0003.jpg

 

4.  Open the downloaded file and verify the data.

 

fo0004.jpg

 

Reference

For official Cisco documentation and more information, please refer to ACS 5.x User Guide

Comments
New Member

Hi,

I am trying to import some ACS objects from bulk files generated on a ACS running version 5.3 to an ACS running version 5.6. I have been able to import both users and hosts in the internal identity store  but "Network Device an AAA Clients" import is failing because apparently file format has changed.

Is there any tool to convert ACS5.3 bulk files in to 5.6 bulk files?

Regards

NN

2997
Views
0
Helpful
1
Comments